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Abstract 

We recall that SBV, a proof system developed under the methodology of deep in- 
ference, extends multiplicative linear logic with the self-dual non-commutative logical 
operator Seq. We introduce SBVQ that extends SBV by adding the self-dual quantifier 
Sdq. The system SBVQ is consistent because we prove that (the analogous of) cut elim- 
ination holds for it. Its new logical operator Sdq operationally behaves as a binder, in a 
way that the interplay between Seq, and Sdq can model y8-reduction of linear /l-calculus 
inside the cut-free subsystem BVQ of SBVQ. The long term aim is to keep developing 
a programme whose goal is to give pure logical accounts of computational primitives 
under the proof-search-as-computation analogy, by means of minimal, and incremental 
extensions of SBV. 



1 Introduction. 

This is a work in structural proof-theory. We extend SBV iSj, the paradigmatic system of the 
deep inference methodology to design proof systems. 

Deep inference (DI). One of the main aspects of DI is that logical systems can be designed 
as they were rewriting systems, namely, systems with rules that apply deeply inside terms, or, 
equivalently, in any suitable context. We must read "deep" as opposed to "shallow". Rules 
of sequent and natural deduction systems are shallow because they build proofs whose form 
mimics the one of formulas. Thanks to the deep application of its rules, BV substantially 
extends multiplicative linear logic (MLL) |[3l with the non commutative binary operator Seq, 
whose logical properties are strictly connected to the expressiveness of BV itself. Any limits 
we might put on the application depth of BV rules would yield a strictly less expressive system 
llT6l indeed. An extension of BV, by means of linear logic exponentials JH |2l [8] [15] is NEL, 
whose provability is undecidable lfT3l . 



Contributions, and motivations. We introduce SBVQ. It is SBV plus a quantifier that we 
identify as Sdq, which abbreviates "Self-dual quantifier". The relevant feature of Sdq is to 
bind variable names of SBVQ only. The consequence is twofold. First, we do not need to 
classify Sdq as either an existential, or a universal quantifier Indeed, binding variable names 
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Figure 1 : Computing /l-term (Not) True in BVQ. 



only, it never requires to distinguish if the quantification is over a variable which we can think 
of as an assumption or as a conclusion. Hence, a second consequence is that Sdq naturally 
becomes self-dual. So, SBVQ can be viewed as a minimal extension of SBVQ by means of a 
logical operator whose instances identify regions of formulas where specific variable names 
can essentially change freely. 

The work may be viewed as divided in two parts. The first is about proving that SBVQ 
is consistent. Namely, SBVQ enjoys Splitting (Section[3]) which identifies the subset BVQ of 
SBVQ which plays the role of cut-free fragment. 

The second part of the work gives to Sdq an operational semantics. Exploiting that Sdq is 
a binder, we show that its interplay with Seq makes proof-search inside BVQ complete w.rt. 
the basic functional computation expressed by linear /l-calculus. We recall that functions lin- 
ear /l-calculus represents use their arguments exactly once in the course of the evaluation. So, 
the set of functions it can express is quite limited, but large enough to let the decision about 
which is the normal form of two linear /l-terms a polynomial time complete problem 1101 . 
Completeness amounts to first defining an embedding (|- [). from linear /l-terms to formulas of 
BVQ (Section|5]) Then, completeness states that, for every linear /l-term M, and every atom 
o, which plays the role of an output-channel, if M reduces to A^, then there is a derivation 2i 
of BVQ, that derives the conclusion (\M\)o from the assumption \N\)o- (Theorem |5.1| ) For 
example, let us recall a possible encoding of boolean values, and of boolean negation: 



Not = /lz./(x./(y.((z)>')x True = /iw./lz.(vi')z False = /(w./iz.(z)H' 



Figure[T]shows (part of) a non trivial example of completeness. We have a derivation of BVQ 
whose conclusion encodes (Not) True, while the premise encodes its y6-reduct /lx./ly.((True) y) x. 



Finally, showing completeness means we keep developing a programme whose goal is to 
give pure logical accounts of computational primitives under the proof-search-as-computa- 
tion analogy, by means of minimal extensions of SBV. This programme begins in E|. It 
shows that Seq soundly, and completely models CCgp, the restriction of Milner CCS [?] to a 
fragment that contains sequential, and parallel composition only. 
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Related works. This work directly relates to ifTTI . and IIT2I as follows. First here we choose 
a better terminology. Current "self-dual quantifier" Sdq were dubbed as "renaming" in both 
IfTTI . and lfT2l . putting too much emphasis about its operational meaning. Moreover, this 
work (i) cleans up the definition, and the properties of Sdq, (ii) generalizes the statements of 
some principal property, correcting non-crucial flows in their proofs, (iii) states and proves 
deduction and standardization properties, (iv) includes details of many proofs of the given 
statements, (v) simplifies the map (|- [). from linear i-terms to formulas of BVQ dropping any 
reference to explicit substitutions inside linear /l-terms, which was, instead, mandatory in 
IfTTI [T2I . (vi) among the conclusions (Section|6]l, anticipates that BVQ can be complete, and 
not only sound, w.r.t. a suitable extension of the above fragment CCS of Milner CCS. 
Besides 121, further related works are |IT]2], and IITtI . 

The former restates natural deduction of the negative fragment of intuitionistic logic into 
a DI system from which extracting an algebra of combinators where interpreting /l-terms. 
So, the connection is the aim of giving a computational interpretation to a DI system. Further 
investigation on the computational nature of deep inference system is in Q. It shows rela- 
tions among lambda calculi with explicit substitutions, and intuitionistic systems redefined 
in accordance with the deep inference approach to proof theory. Specifically, 14] shows the 
impact on the design of /l-calculi with explicit substitutions of intuitionistic logic reworked 
in terms of nested sequents or of calculus of structures, under both the proofs-as-programs, 
and fromulas-as-programs paradigms. 

Finally, IfTTI inspired the two-arguments map (| [). from linear /l-terms to formulas of 
BVQ. Anticipating a bit the content of Section|4] the definition of the basic clause of (|- \j. is 
i\x\)o - {x <d}. Intuitively, the linear /1-calculus variable x in (|- \). becomes the name of an 
input channel to the left of the occurrence < of Seq. The input channel is forwarded to the 
output channel o in analogy with the forwarder [x]g = x{o) .0(0) which comes from |f9l|, and 
which is one of the defining clauses of the output-based embedding of standard /l-calculus 
with explicit substitutions into ;r-calculus ITTl . So, SBV can model a forwarder, the basic 
input/output communication flow that i-variables realize. The introduction of Sdq allows to 
model any on-the-fly renaming of channels that serves to model the substitution of a term for 
a bound variable, namely, the linear yS-reduction process of linear /l-calculus. 

Road map. Section [2] introduces the extension SBVQ (BVQ) of SBV (BV). Section [3] 
proves that SBVQ is consistent by extending the proof of (the analogous of) cut-elimination 
for SBV to SBVQ. Section|4]recalls linear /l-calculus, and defines the embedding of its terms 
to formulas of BVQ. Section |5] shows the completeness of BVQ w.rt. linear /l-calculus, 
namely it shows that every computation in the latter corresponds to a proof-search in the 
former Section |6] comments about the lack of a reasonable soundness of BVQ w.rt. to 
/l-calculus, and points to future work. 

2 Systems SBVQ and BVQ 

We recall and clean-up the definitions of ifTTlfTSl . 

Structures. Let a,b,c, . . . denote the elements of a countable set of positive propositional 
variables. Let a,b,c, . . . denote the elements of a countable set of negative propositional 
variables. The set of names, which we range over by I, m, and n, contains both positive, and 
negative propositional variables, and nothing else. Let o be a constant, different from any 
name, which we call unit. The set of atoms contains both names and the unit, while the set 
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of structures identifies formulas of SBV. Structures belong to the language of the grammar 
in©. 



o I I I I {R<sR) I {R<R) I [R'SR] I \R\„ (1) 



We use K, P, R, T, U, V to range over structures. As in SBV, Risa Not structure, {R T) is a 
CoPar structure, (R <T) isa Seq structure, and [R "S T]isa Par structure. The Sdq structure 
[Ria is new. It comes with the proviso that a must be a positive atom. Namely, [Rjj is not in 
the syntax. Sdq induces notions of free, and bound names, defined in (|2]i. 



[a] = fn(a) U fn(S) 


= bn(a) U bn(a) 


fl€fn(^)ifa€fnW 


a e bn(R) if a e hn{R) 


a € fn{(R ® T)) if a 6 fn(R) U fn(r) 


a e hn{{R <T))ifae hn{R) U bn(r) (2) 


a € fn{{R < T)) if a e fn{R) U fn(r) 


a e hn((R ® T)) if a e hn{R} U hn{T) 


a e fn{[R -'8 T]) if a e fn{R) U fn(r) 


a e hn{[R 'S T\) if a e hn{R) U bn(T) 


a 6 fn{\R\t) if a i^b and a e fn{R) 


a e hn{\Rii,) if a = b oi a e hn{R) 



Finally, (|3]l defines the substitution R{%] that replaces (i) the atom a for the free occurrences 
of b, and (ii) the atom a for those ones of b, in R. 



cm = c {R<T)["i„] = <mi>mi> 

"i7i,) = ~ [Rs nr/ii = [R["k\ 's T{%\] 

bi" h] = a _ (T.) 

(R s> T){%] = (R{%] ® T{%]) \RiA"/b} = \R{%]ic 



bn 

Kit 



Size of the structures. The size \R\ of R is the number of occurrences of atoms in R plus 
the number of occurrences of Sdq that effectively bind an atom. 

Example 2.1 {Size of the structures) We have \[a fl]| - \\{a '^'a\\b\ - 2 for we do not count 
the occurrence of [-J.. Instead, we count it in \[a ^ «]]«, getting 'S a\\a\ - 3. 

(Structure) Contexts. We denote them by S'f ). A context is a structure with a single 
hole { } in it. If S{R}, then /? is a substructure of S . We shall tend to shorten S{{R 'S [/]) as 
5 [7? >«■ ;7] when [/? t/] fills the hole { )of5{ ) exactly. 

Congruence ~ on structures. Structures are partitioned by the smallest congruence ^ we 
obtain as reflexive, symmetric, transitive and contextual closure of the relation ~ whose defin- 
ing clauses are dH, through (|20] | here below. 
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Associativity 




Negation 




(/? » (r » V)) ~ ((R » D » v) 


(12) 






(R<(T<V)) ~ ({R'T)'V) 


(13) 


o" ~ 


(4) 


[R'S [T 'S V]] ~ [[R 'S T]'S V] 


(14) 


^ f? 
I\ ~ I\ 


w) 






[R'gT] ~ {R<s T) 


(6) 


Unit 




(R»T) ~ [R'S T] 


(7) 






(R-T) ~ {R-T) 


(8) 


(oSiR) ~ R 


(15) 




(9) 


{o<R) ~ {R<o) ~R 


(16) 






[csR] ~ R 


(17) 


Symmetry 












a-rule 




[R'S!] ~ [T'SR] 


(10) 






{R»T) ~ {T <s R) 


(11) 


IR}„ ~ R if at fn(R) 


(18) 








(19) 






URibia ~ \\RUb 


(20) 



Contextual closure means that S{R} ~ S{T} whenever R kT. We remark that Sdq is self-dual 
like Seq is. When introducing the logical rules we shall clarify why. Thanks to ( l20l i. we 
abbreviate [• ■ • \R\a^ ■ ■ -Ja,, as \R\g, where we may also interpret a as one of the permutations 

of fli, . . . ,fl„. 



The system SBVQ. It contains the set of inference rules in (l2ll here below. Every rule has 
T 

form p — , name p, premise T, and conclusion R. 



aii — 

[a 'S a\ 

([R 'SU]<[T'S V\) {[R '9T](S>U) 

[{R<T}'S{U<V}] ' [(R e>U)'sT] 

URL s \U\a] 



S[T} 

Every (instance of) inference rule can be used in any context, namely as p ^^^^ for any S { ]. 

This means that, if a structure U matches in 5 { ), it can be rewritten to S{T]. This justifies 
calling R the redex of p, and T its reduct. 

Up and down fragments of SBVQ. The set {aii, S, qi,uij is the down fragment BVQ of 
SBVQ. The up fragment is {ait, S, qt, ut). So s belongs to both. The rule ait plays the role 
of the cut rule of sequent calculus. The down rule for Sdq restricts the following one |[T4l : 

\la.[R 'g U] 
[ia.R'sBa.U] 



(a ® a) 



({R<T)<s{U<V)) 
{{R s>U)<(Te> V)) 

(IRL ® fUL) 



l(R » U)L 



(21) 
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to binding variable names only. Limiting Sdq to abstract variables implies that the difference 
between existentially, and universally quantified names disappears. The reason is that the 
cut-elimination will have no need to differentiate between the substitution of an existentially 
quantified variable for a universally quantified one, or vice versa. So, Sdq becomes self-dual. 



Derivations vs. proofs. A derivation in SBVQ is either a structure or an instance of the 
above rules or a sequence of two derivations. Both @, and co will range over derivations. 
The topmost structure in a derivation is its premise. The bottommost is its conclusion. The 
length \&\ of a derivation & is the number of rule instances in ^. A derivation & of a 

T 

structure R in SBVQ from a structure T in SBVQ, only using a subset B c SBVQ is &\\b. 

T R 

The equivalent space-saving form we shall tend to use is : T R. The derivation ®||b is a 

proof whenever T x o. We denote it as ^\\b, or " ot ^ : \-q R. Both and will range 

R 

over proofs. In general, we shall drop B when clear from the context. In a derivation, we 
T 

write pi,...,p,„,ni, =, whenever we use the rules pi, . . . ,p,„ to derive R from T with the help 
R 

of «i, . . . , «p instances of (01, . . . , ( fTTT i. To avoid cluttering derivations, whenever possible, 
we shall tend to omit the use of negation axioms (01, . . . , (|9|l, associativity axioms ( fT2] i. 
ST3[ . ( fT4b . and symmetry aximos ( fTOl i. (fTTT i. This means we avoid writing all brackets, as in 
[R'S [T '9 U]], in favor of [R'S T U], for example. Finally if, for example, q > 1 instances 
of some axiom (n) of (0|, . . . , ( |20l i occurs among «i, . . . , n^, then we write (nf. 



Admissible and derivable rules. A rule p is admissible for the system SBVQ if p ^ SBVQ 

and, for every derivation !^ such that : T l-|p|usBVQ ^' there is a derivation ^' such that 

T 

^' • ^ '"SBVQ ^- ^ derivable in B c SBVQ if p i B and, for every instance p — , 

there exists a derivation ^ in B such that !S : T R. 

The rules in ( |22] | recall a core set of rules derivable in SBV, hence in SBVQ. 



o 






ii — 


mixp 




[R'SR] 


{R<T) 








(22) 


(Rs>R) 


(R'T) 




it 


pmix 







[R'ST] 





General interaction down and up. In (i22l i. general interaction up is it, derivable in the 
set |ait, S, qt, uti, reasoning by induction on \R\, and proceeding by cases on the form of R. 
We show the few steps of the proof, relative the case Sdq; 

^ (\RLi>W.) 

m ® . _ 

iT ind. hypothesis 

o 
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Similar arguments apply to the cases relative to Not, CoPar, Seq, and Par. Symmetrically, 
general interaction down \i is derivable in {aii, S, qi, ui}. 



General Seq-transitive up, and down rules. In ( l22b ti is derivable by reasoning induc- 
tively on the size of S{ }, and proceeding by cases on its structure, under the proviso (*) 
which says that ({a} U fn(r)) n bn(5 { !) = 0. If5{ )~| }, thentiis; 

aii.QH.Gll = 

qi 

MM 
M 





{[a' 


s a] 


< [o 'S 


T])) 


{R- 


[{a 


.o>' 


S {a< 


T)]) 


{[R 


« o] 


<[a 


^ (a- 


■7->]> 


m 


■> a) 


V <o 


<{a< 


T})] 



l{R<a)'9(a<T}] 



lfS{ } ~ {S'{ )® f/), then: 



([S'{R<T}]e>U) 

ind. hypothesis 



lfS{ }^IS'{ ILthen: 



{lS'{R-a)'S {a<T)]» U) 
'[(S'(R<a)s>U)'?{a<T}] 



l[S'{R<T)]i, 

ma. hypothesis 



_ llS'(R<a)'S{a<T)]i„ 

(H.ui = 

US'{R<a}\„'S{a<T)] 
The case with S{ } ~ [S'{ ] U]is simpler than the two here above. 

Mix rules. In ( l22b both mixp, and pmix, show a hierarchy between connectives: Par is the 
lowermost, Seq lies in the middle, and CoPar on top 15j. Postfix mix rule mixp is derivable 
in {qt). 

Finally, some properties that formalize simple derivations we can always build inside 
BVQ. The first one says when two structures R, and T of BVQ can be moved inside a context 
so that they get one aside the other 

Proposition 2.2 (Context extrusion) SIR'S!] h^^^ [S{R] 'S T], for every S,R,T. 

Proof By induction on \S{ )|, proceeding by cases on the form of S{ ]. (Details in Ap- 
pendixlAli. 

The following statement highlights the scoping nature of Sdq. For proving it, it is enough to 
inspect the behavior of the rules in BVQ. 

Fact 2.3 (Sdq is a scoping operator) Let a, U, and V be given. 

1. If ^ : y i-gyQ lU}a, then there exist R, and ^ such that & : fR},, i-g^Q fUja. 

2. For every R,if&: fRja hg^Q fUja, then : R hg^Q U, for some 

The last property says that no new variable can be introduced in the course of a derivation. 
Proposition 2.4 (BVQ is affine) In every ^ : T i-g^Q R, we have \R\ > \T\. 
Proof By induction on \&\, proceeding by cases on its last rule p. 
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3 Splitting for SBVQ 



We recall, and clean the proof of Splitting for SBVQ in ifTTl [121 . Splitting can be viewed 
as a generalization of cut-elimination for sequent calculus-like systems. Proving Splitting of 
SBVQ amounts to proving that SBVQ, and BVQ are equivalent, namely that every up-rule is 
admissible in BVQ, or, equivalently, that we can eliminate every up-rule from any derivation 
of SBVQ. Since ait is an up-rule, and it plays the role of the cut rule, proving Splitting means 
proving also cut-elimination for SBVQ. 

The first part of this section traces how Splitting, and some other properties it relies on, 
works to eliminate uT. The second part, Subsection |3.1| is for technical eyes interested to the 
full formal details. 

Let us see how Splitting eliminates an occurrence (*) of ut from a proof ^ of SBVQ, 
so focusing on the case that differentiates the proof of Splitting for SBVQ from the one for 
SBV. Let; 

S URL'S IT L) 
uT (*) 

be ^ with (*) the instance of ut we want to eliminate. We are going to rewrite ^ to a proof 
of BVQ with the same conclusion as but without (*). The first step to get rid of (*) is 
Splitting (Theorem |3.5t . The instance of Splitting we need, up to some details we can ignore 
at this level, is: 

^^Sl(R L T)L' ^'^^ ^ '""^^ ' ^"'^ l(R <ST)^K] 

We remark that extracting K, hidden inside fF, might require many instances of Sdq to 
emerge, as the outermost occurrence [-J^^ in the premise of & shows. We can apply Splitting 
by taking £P — beware, not — as ^. Since V in & can be any, we choose V ~ [{R ® T)ia, 
the conclusion of the instance of ut we want to eliminate. From such an instance of & we 
get: 

l[(R » D « K]\g 
Sl(R«T)i„ 

Now we extract from K the, usually called, killers of R, and T inside (R ® T). Namely, we 
apply the following instance of Shallow splitting (Proposition l3.2b to the above =S': 

Ifr^D -r\ then 3 A^i.A^T, <? such that s\\ and „ , and „ " " -, 

K 

which, once more, may let instances of Sdq to emerge. Composing S, Si, and <o2, we get 
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the (*)-free proof we are looking for: 



Proposition^^ ||bVQ 

It is a proof with the same conclusion as without (*), but with, at least, a couple of new 
instances of both ui, and s, the first one being "inside" Proposition 122] 



3.1 Details on Splitting 

Proposition 3.1 {Provability of structures in BVQ) Let R, and T be structures, and a be a 
name, and 0^, ^i, and ^2 be proofs of BVQ. 

1. ^ : hg^Q {R < T) iff .9>, : h^^^ R and ^2 : ^^y^ T. 

2. ,9> : hg^Q (R ® D iff ^1 : hg^^ « and ^2 : Hg^Q T. 

3. ^ : hg^Q r^Jfl iff ^' : hg^Q /^jVa), for every variable b. 

Proof "If implication" . The proofs of[T]and|2] given in |51 by induction on |^| inside BV, 
extend to the cases when the last rule of ^ isui. Indeed, the redex of ui can only be inside 
R or T. Concerning |3] the assumption implies the existence of : h R{"/a], namely of 

: h R. So, we can "wrap" with exploiting (fTsT l, and apply every rule of deep 
in the proof ^ we are building. 

"Only if implication ". In all the three cases, the proof is by induction on |^|, proceeding 
by cases on its last rule p. Concerning points [1] and|2]a redex can only be inside R or T. 
So, the application of the inductive hypothesis is immediate. Instead, a may not belong to 
fn{R) in Point [3] If this is true, then ( fTSl l implies that every instance of with b in place 
of a exists. The reason is that, by definition, the substitution (O distributes over structures, 
preserving the scope of every instance of Sdq. Otherwise, if a e fn{R), then the redex of p 
can only be inside R. So, we can conclude thanks to the inductive hypothesis. 

Proposition 3.2 (Shallow Splitting in BVQ) Let R, T, and P be structures, and a be a name, 
and ^ be a proof of BVQ. 

1. If ^ : t-gyQ [{R < T) '8 P], then there are ^ : (Pj < P2) hg^Q P, and ^1 : hg^Q [R '8 P,], 
and ^2 : i-bvq ^2], for some Pi, and ^2- 

2. If ^ : hgyQ [(R <g>T)'S P], then there are ^ : [Pi's f 2] ^bvq ^' ^1 : i-g^Q 
[R '9 Pi], and ^2 : i-g^Q [r '8 P2], for some Pj, and P2. 

3. Let ^ : hg^Q [R 'S P] with R k [li 's ■ ■ ■ 'S such that / ^ j implies !,■ ^ Ij, for every 
i,j e {!,..., m], and m > 0. Then, for every structure Rq, and Ri, if R ^ [Rq 'S Ri], 
there exists ^ : Ri ^^^^[Ro'S P]. 
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4. If ^ : I- [fRia P], then there are ^ : [T^J,, l-gvo and ^' : i-g^Q [R T], for some 
T. 

Proof Following ||5], both statements [T] and |2] must be proved simultaneously. We rea- 
son by induction on the lexicographic order of the pair {\V\, \^\), where V is one between 
[{R <T}'9 P] or [{R ® r) P], proceeding by cases on the last rule p of ^. 

Point[3]relies on points[Tl|2] It holds by induction on (\R\, |^|), proceeding by cases on the 
last rule of Point|4]relies on points[Tl|2] It holds by induction on (If^Jal, \^\), proceeding 
by cases on the last rule of (Details in AppendixlBl). 

Remark 3.3 The proviso "/ j implies I, 9^ Ij, for every i,j e {!,..., m}" of Point (O in 
Proposition |3 . 21 serves to let the killer of every I be inside [Rq P]. 

Proposition 13. 4| here below says that S{ } supplies the "context" U, required for proving R, 
no matter which structure fills the hole of 5 { ). 

Proposition 3.4 (Context Reduction in BVQ) Let R he a structure, and S{ ) be a context 
such that ^ : i-g^Q S{R]. There are a structure U, and, possibly, some variables b such that, 
for every V, if fn(y)nbn(7?) = 0, then both ^ : [[V i? U]}g hg^Q S{V], and ^ : hg^Q [R 'S U]. 

Proof The proof is by induction on IS' { )|, proceeding by cases on the form of 5 { ). (Details 
in AppendixICb. 

Theorem 3.5 (Splitting in BVQ) Let R, and T, be structures, and S{ ) be a context. 

1. If ^ : hg^Q S{R< T), then there are structures Ki,K2, and, possibly, some variables b 
such that, for every V with fn(V)nbn((7? < T}) = 0, there are & : l[V 'S {Ki < K^)]},; hg^^- 
S{V}, and : hg^Q [R 'S Kx\, and ^2 : l-gvo \T ^2]. 

2. If ^ : hgyQ S{R® T), then there are structures K],K2, and, possibly, some variables b 
such that, for every V with fn(y)nbn((7; ® T)) - 0, there are ^ : \[V Ki '8 /Ta] Jg l-gvo 
S{V}, and ^1 : hg^^ [R 'S K^], and ^2 ■ ^^ya ^2]- 

3. If ^ : hg^Q SlRia, then there are a structure K, and, possibly, some variables b such 
that, for every V with fn(y) n hn(lR}a) = 0, there exist ^ : [[V /i:]Jg hg^Q and 
^':hg^Q [/; 

Proof We obtain the proof of the three statements by composing Context Reduction (Propo- 
sition l3.4] ). and Shallow Splitting (Proposition l3.2b in this order (Details in Appendix iDt. 

Theorem 3.6 (Admissibility of the up fragment for BVQ) The set {ait, qt, uf) in SBVQ is 
admissible for BVQ. 

Proof Use Splitting (Theorem l3.5b . and Shallow Splitting (Proposition l3.2b (Details in Ap- 
pendix |e1) 

4 Linear /l-calculus mapped to BVQ 

To show that Sdq is not an extemporaneous logical operator we interpret it as binder that, 
together with Seq, models the renaming mechanism of linear j8-reduction. 
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Linear /l-calculus. We recall that linear /l-calculus can be viewed as a pair (linear /l-terms, 
linear operational semantics). Let 'f be a countable set of variable names we range over by 
x,y,w,z. We call the set of A-variables. The set of linear A-terms is A = \Jxc-r we 
range over by M, N, P, Q. For every X <z Y, the set contains the linear A-terms whose 
free variables are in X, and which we define as follows: (i) x e A^^y, (ii) Ax.M € Ax if 
M G Axu{a|; (iii) (M)N e Axuy if M e Ax, e Ay, and X n Y - & ; (iv) M {''/,} e Axuy 
if M e Axu{x], P £ Ay, and X HY - Hi. The linear operational semantics that rewrites linear 
/l-terms is the relation => c AxA here below: 




where Ml'^/J is the usual clash-free substitution, that replaces for the forcefully single 
occurrence of x in M. We remark that (|23) is the reflexive, contextual, and transitive closure 
of linear /^-reduction we find in rule Finally, \M => denotes the number of instances of 
rules in ( |23] ). used to derive some given M ^ N. 



The map (|- D.. We define it here below, to map terms of A into structures of BVQ. 





o = (x « o) with o fresh 


(24a) 


(\Ax.M 




(24b) 






(24c) 



For every linear /l-term M, the structure (|M [)o is such that (i) o is a unique output channel, and 
(ii) every free variable of M is used as positive atom name that plays the role of input channel. 
Clause ( I24al i associates the input channel x to the fresh output channel o. Intuitively, x shall 
be eventually /orwar^fet/ to o, in accordance with terminology taken from Q- Clause (124b b 
uses Sdq to abstract on the input channel x. This means to let x ready to merge with any 
output channel of a linear /l-term that has to be substituted for x. Such a channel comes 
from the argument of an application, as translated by (|24c) . It wraps (|A^ [)^, abstracting on its 
output channel q thanks to Sdq. So, thanks to Sdq, linear j8-reduction, and its substitution 
mechanism, become an identification of channel names inside BVQ, as follows: 



\<\M[''IA\)o\p 
"lU 

_ r[^Mr/,}[)„«<p-5)]j„ 

fT8l 

■ - (25) 

subst 

021= = 

\(\{Ax.M)N), = [r^M^„J, 1? r^A')/,J, « {p<o)]\„ 

In (|25l) here above (i) ^ holds because we have that \<\N\)q\q ^ T^A^^^fV^Ux ~ \(\N\)x\x 
holds thanks to the uniqueness of input, and output channels, and thanks to Seq which never 
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confuses left, and right-hand sides of (R •> T), (ii) the instance of uj, identifies the input channel 
X of [(|M [)„J V with the output channel x of l\N after its renaming by means of (fT9] l. (iii) we 
are going to show that both subst, and mti are derivable in BVQ, with the second one being 
a specialization of the transitivity ti, and (v) the two occurrences of (fTST l apply because x and 
p disappear 

5 Completeness of BVQ w.r.t. Linear /l-calculus 

Completeness says that we can mimic every computation step of linear /l-calculus as proof- 
reconstruction inside BVQ. 

Theorem 5.1 {Completeness of BVQ) For every M, and A^, and o, if M => A^, then ^ : 

The proof reUes on some technical lemma that we detail out in the coming lines. 

Lemma 5.2 {Output names are linear) For every M, and o, the output name o of (|M Do oc- 
curs once. 

Proof By induction on the definition of (|- [)., proceeding by cases on the form of M. 

Lemma 5.3 {Substitution in BVQ) For every M,N,p,o, and x, such that x e fn{(\M\)o), in 
BVQ, we can derive: 

mti subst 

Proof Concerning mti, we reason inductively on the size of (|- proceeding by cases on M. 
(Details in Appendix|F]) Concerning subst, we reason inductively on the size of [(|M Do (\N \jx], 
exploiting mti. (Details in AppendixiGl) 

Lemma 5.4 {Linear p reduction in BVQ) For every M, N, o, and x, in BVQ, we can derive: 

beta 

l\{Ax.M)Nl 

Proof The rule beta is derived in ( |25] l exploiting the definition of (|- [)., and Lemma 153] 

Proof of Theorem 15.11 By induction on \M ^ N\, proceeding by cases on the last rule 
in ( |23] l used for proving M ^ A^. If the last rule is beta, then Lemma |5r4l implies the thesis. 
Let the last rule be tra. The inductive hypothesis implies the existence of and ^i: 




In all the remaining cases we proceed as here above, exploiting that BVQ is a DI system, so 
we can apply deeply, namely in any context, every of its rules. 

Remark 5.5 As a corollary, under the same assumption as Theorem 15.11 we have hg^Q 
[(|M Do "S" (IN Do] because we can derive ii in BVQ, and we can plug it on top of ^. 



12 



6 Conclusions and future work 



On the computational interpretation side of proof-search inside BVQ, this work makes no 
reference to soundness of BVQ w.rt. Unear /l-calculus. Soundness is the reverse of complete- 

ness. For every M, N, and o, if siIIbvq, then M ^ N. A counter example to it is: 

l\{(Ax.M) P)Ql = \[\1\(IM 'Sll\P\)„ip'Si^-'7}]L'S\<\Q ^,J, 'S{r-.o}]ir 

m\<\M >5? \(ip \)„}„ ^ (i- ?>] J. 's rr^ e ^ir^mr 

where we would erroneously substitute (the mapping of) Q for (the mapping of) x in (the 
mapping of) M. We think essentially two ways exist to react to the lack of soundness of BVQ 
w.rt. linear /l-calculus. The first is in ifTTl [T2l which proves a weak, and not so interesting 
form of soundness. The second way is replacing the target language linear /l-calculus, so 
moving towards the programme that ||2] begins. It suggests that the natural computational 
paradigm w.rt. which BVQ can be sound, is some extension of CCsp, the fragment of Milner 
CCS with sequential and parallel composition only. This is coming work, indeed. 

On the proof-theoretical side, whose concern is the minimal, and incremental extension 
of SBV, an example of which is SBVQ, we plan to keep investigating self-dual operators. By 
By means of a self-dual operator, and in accordance with the proof-search-as-computation 
paradigm, we plan to model non deterministic choice. Candidate rules that model a self-dual 
non-deterministic choice ar^H: 

[[R •sT](B[U'8 T]] ([R ® (/] ® r) 

[[R ffi f/] « r] [(R » r) ffi (t/ ® r)] 

We think they are interesting because they would internalize the non deterministic choice 
that we apply at the meta-level when searching for proofs, or derivations, inside SBVQ or 
SBV. 
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A Proof of Context extrusion (Proposition 12.21 page |7]) 



By induction on \S { )|, proceeding by cases on the form of S[ ]. The base is with S{ ] = [ ). 
The statement holds simply because (i) SIR'S T] = [S{R} '9T]s[R'8 T], and (ii) [R '8 T] is 
a structure, so, by definition, a derivation. 

As a first case, let 5{ }s{S'{ }< U). Then: 



{S'[R'ST]<U) = SIR'S T] 
s\ 

{[S\R\'ST]<U) 
[S{R]'ST] = [{S'{R}<U}'9T-\ 



where ^ exists by inductive hypothesis which holds thanks to \S'{ ]\ < \S{ ]\. If, instead 
S{ ] s (S'{ ) ® U), we can proceed as here above, using s in place of qX. 

As a second case, let S { } = ]ia- Without loss of generality, thanks to ( fT9] l, we can 
assume a i fn(r). Then: 



\S'[R'sT]i„ = S[R'sT] 
f[S'{R]'sT]}, 



[SIR] '8T] = US'[R]L 'ST] = US'{R\L s [rjj 
where & exists by inductive hypothesis which holds thanks to |5 '{ }| < |5 { 



B Proof of Shallow Splitting (Proposition 13.21 page |9]) 



Proof of Points [Hand |2j We prove the two statements simultaneously, by induction on the 
lexicographic order {\U\, \^\), where U is one among [{R <T}'S P], and [(R ® T) P], 
proceeding by cases on the last rule p of 

As a first case for both points [T] and |2] we assume the redex of p is inside one among 
R, T or P. So, is one between: 

[{R' < T') 1? /"] [(R' ® T') '8 /"] 

[{R<T)'gP] " [{RDT)'gP] 

where only one among R',T', P' is the reduct of p. We can conclude by applying the 
inductive hypothesis on 3^' , or S^" , and p in the obvious way. 

Ai, a second case of Point [T] let p be qi with [{{R' <R") ■'T) '9 [{P' < P") 'S P'"]] as its 
redex. So, ^ can be: 



[{[R' « P'] < [{R" - T) '8 P"Y) '8 P'"] 
[[{R' < {R" ■> T)) « {P' ■> P")] 1? P'"] 
[({R' <R"}'T}'8 [(P' <P")'S /""]] 

Thanks to \[{{R' < R") < T) 'S [{P' < P") i? P"']]| = \{{{R' 'S F] < [{R" < T) '8 P"]) 'S P"']\ 
and \^'\ < \^\ the inductive hypothesis holds on which implies : {Pi <P2) H 
P'", and ^" : t- [[R' 'S P'] '8 Pi], and ^ : h [[{R" < T) 'S P"] 'S Pal- 
Thanks to \[[{R" ■> T) '8 P"] '8 P2]\ < \[{[R' '8 P'] < {{R" < T) '8 P"]) '8 P"']\ the induc- 
tive hypothesis holds on ^ which implies : {Ui< U2) H [P" '8 P2], and £S' : h 
[R"'8Ui],and ^" : h [r-sf/z]. 
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The first derivation and the first proof of BVQ in the statement we have to prove are: 

,, ^"1 



{{[P' 


-8 Pi] 






{{P't 




{Ui- 


Ui)) 














IP" >s 





m''sP']'sPi]<o) 



s\\ {[R''s[P"8Pi]]<[R"'sUi\) 

[{P' <P") 1? /""] [{R' <R") 'S ([P' >S Pi] < Ui)] 

The second proof of BVQ in the statement we have to prove is 

The situation with p s qX and [{R < {T' < T")) ^ [{P' < P") « P'"]] its redex is analo- 
gous to one one just developed. 

As a third case of Point [Diet p be qj. with [{R < T) [{P' < P") [V 'S U"]]] as its 
redex. So, ,0^ can be: 

[{F <[{R<T} P"]) [U' '8 U"]] 

'^^'^ IK° ' (R - T}) >8 {P' ' P")] « [(/' ^ U"]] 
MM= = 
[(R < T) 'S [</" - P") 's [(/' -5? (/"]]] 

Thanks to \{{R < T) 1? [{P' < P") '8 [U' '9 U"]]]\ = \[{P' < [{R < T) P"]) 1? [U' 'S U"]]\ 
and l^'l < 1^1 the inductive hypothesis holds on ^' yielding : {Pi <P2> H W U"], 
and^" : h [P' Pi], and ^ : h [[{R<T) 1? P"]'S Po]. 

Thanks to |[[<P < T) P"] s Pjll < \[{R < T) 'S [{P' < P") [U' 'S U"]]]\ and |^'| < |^| 
the inductive hypothesis holds on =S yielding S" : {U\ < U2) t- [P" Pi], and ^' : h 
[R'SUi], and ^" : H [T '9 U2I 

Both and are the two proofs of BVQ of the statement we have to prove. The 
derivation of BVQ is: 

_ {Ui < U2) 

{o<{Ui<U2)) 
{[P''8Pl]<{Ui<U2)) 

{[P' -8 Pi] < [P" -8 P2]) 

qi- 



[{P'-'P")'8(Pi-.P2)] 

4 

[{P' - P") '8 [W '8 U"]] 



As a fourth case of Point [T] let p be s with [{R <T)'8 [{P' ® P") P'"]] as its redex. 
So, ^ can be: 

[{[{R<T)'8 P']s> P")'^ P'"] 

M 

[([P' {R<T)]<» P")'^ P'"] 
' [[(/" ® P") '8 {R < T}] '8 P'"] 
[{R < T) -8 \(P' <& P") --8 P'"]] 

Thanks to \[{R < T) v [(P' ® P") 1? P"']]\ = \[([{R < T) P'] ® P") P"']| and \^'\ < 
by the inductive hypothesis. Point [2] applies to This means there exist S" : 
[Pi '9 P2] t- P'", and ^" : h [[{R < T) '9 P'] '9 Pi], and ^ : h [P" >§■ P2]. 

Thanks to |[<P < T) P']| < \[{[{R < T) '9 P'] ® P") P"']l the inductive hypothesis holds 
on ^" which implies <f ' : (t/i < U2) I- [P' Pi], and ^1 : h [i? f/J, and ^2 : h 
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[T 'S U2]- Both and ^2 are the two proofs of BVQ in the statement we have to 
prove. The derivation is: 



[P' -8 Pi] 

m 

[(o (S P') '8 Pi] 

[([P" -g P2] » P') -8 Pi] 
'[[(P"<SP')'8P2]'SPi] 
HP' ® P") D [Pi -5? P,]] 

4 

1{P' ® p") 1? P'"] 

As a fifth case of Point [T] let p be ui with [{R <T}'S P] as its redex. This means 
P a! [Uia, for some U and a, that, without loss of generality, thanks to ( fT9] l, we can 
assume such that a e fn(t/), and a i in({R < T)). So, by (HS]), {R<T) ^ [{R < T}ia, the 
derivation is: 

r[<i?^r>>s>f/]j„ 



[r<i?^r>j„'srf/jj 

Point[3]of Proposition [TT] applied on implies: 

HR<T)'SU] 

Thanks to |[<7; < T) ;7]| < \[\{R < r>J„ [f/JJI the inductive hypothesis holds on ^" 
which implies S' : {Pi < P2) h U, and ^1 : h [/? Pi], and ^2 : H [r 1? ^2]- Both ^1, 
and ^2 are the two poofs of BVQ in the stetement we have to prove. The derivation is 
\{Px < P2)\a H \U\a, wc obtain from S thanks to Factl23] 

We have exhausted the interesting cases relative to Point[T] 

Recall that we prove Point [1] and Point |2] simultaneously, by induction on the lex- 
icographic order {\U\, \,^\), where U is one among [{R < T) 'S P], and [{R 0T)'8 P], 
proceeding by cases on the last rule p of Now we explore the cases relative to 
Point H 

As a first case of Point |2] let p be qi with [(R <»T)'S [{P' <P") 'S [U' 1? U"]]] as its 
redex. So, ^ can be: 



[([[(R ® r) 1? P'] '8 u'] < P") '8 u"] 

[Hl.Gol.Qll 

Thanks to \{{R 0T)'S [{P' < P") [V 'S U"]]]\ = \{{{{{R ® T) -s- P'] s U'] < P") '9 U"]\ 
and < \^\, by the inductive hypothesis. Point [T] applies to There exist 

£ :{Ui< U2) H U", and ^" : h [[[(R ® T) 1? P'] '8 U'] 'S Ui], and ^ : h [P" 'S U2]. 

Thanks to \[[[(R ® T) -5? P'] ^ U'] 'sUi]\< \{{{{{R ® T) -s- P'] -5? U'] < P") U"]\ the in- 
ductive hypothesis holds on which implies S' : [Pi ^ P2] 1- [[P' "S" U'] ^ Ui], and 
^1 : h [/? Pi], and ^2 : H [r 1? Po]. Both ^1, and ^2 are the two proofs of BVQ 



[<[[(/? s 


) r) ^ 


? U'] ' 


f?P']- 


« [0 ^ P"]> ^ f/"] 






8 U'] 


< 0) 'S 


<P' - P">] ^ t/"] 






?[(P' 


<P") 


1? [y '8 {/"]]] 
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in the statement we have to prove. The derivation of BVQ in the statement we have to 
prove is: 

[Pi s Pl\ 
[[/" n U'] 1? f/i] 

[iii.noi.cni = 



[{[P''8Ui]<c^)'8U'] 

[{[P' s Ui\ < IP" s U2]) s U'] 
^ [[{P'<P")'S{Ui<U2}]'sU'] 
[{P'<P")'s[U''s{Ui<U2)]] 

[(P' ' P") '8 [W 1? (/"]] 



As a second case of Point|2]let p be S with [((R' R") ® {T' ® T")) '9 [P' -S- P"]] as its 
redex. So, ^ can be: 

■•^'! 

[{[(R' ® T') '8 P'] ® (R" » T")) 'S P"] 

' MR' ® T') ® (/?" ® 7"')) >5? P'] « P"] 
Gil.Qol.Qll.GTl ^ 

[{(R' ® P") ® (r' ® T")) '8 [P' '8 P"]] 

Both \[((R' ® if") ® (r' ® r")) [P' 1? p"]]| = |[([(/f' ® r') i? f] ® (r" ® r")) 

and \^'\ < \3^\ imply that the inductive hypothesis applies to 3^' . There exist S : 
[Pi '8 P2] H P", and ^" : h [[(R' ® T') '8 P'] 'S Pi], and ^ : h [{R" ® T") 'S P2]. 

Both \[[(R' <s> T') '8 P'] 1? Pill < \[{[{R' ® T') ^ P'] ® {R" ® T")) '9 P"]\ the inductive 
hypothesis holds on ^" which implies S" : [U[ '9 U^] h [P' '9 Pi], and ^[ : h 
[R' 1? t/j], and : \- [T' >9 U'^]. 

Thanks to \[{R" ® T") -j? Pill < \MR' 0T')'9P']® {R" T")) '9 P"]\ the inductive 
hypothesis holds on ^ which impUes S"' : [U[' -5? U'^] h P2, and ^" : h [if" -5? f/"], 
and ^'^ : h [7" -5? U'^]. 

The derivation and the two proofs of BVQ in the statement we have to prove are: 

[[U[ -8 U'2] 1? [U[' -8 U'{]] 

[[[/; v u'2] '8 P2] 

UP' -8 Pi]'8 P2\ 

03= = 

[F' 1? [P, 1? P,]] 

<?! 

[p' 1? p"] 

[R" '8 U"] [T" '8 U"] 

M====== m — 



[(o ® R") '8 U[']] [(o ® T") '8 (/;']] 

3' I 3' I 

_ [([P' ^ jy;]® if") ^ {/;']] _ [([r i? t/^] ® ro (/^']] 

03.S ■■ 03.S = 

[(P' ® R") '8 [(/; 1? (/"]] [(T' ® P") -5? [(/' '8 (/"]] 
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As a third case of Point |2] let p be s with [(R 81 T) [{P' » P") [U' 'S U"]]] as its 
redex. So, ^ can be: 

[([P' v [(^ ® r) 1? f/']] ® /"') 1? (7"] 



[[(p' <s> p") 1? [(p » r) v (/']] 1? f/"] 
[(R ® r) [(P' ® p") '8 [W 1? f/"]]] 

Both \[([P' 'S [{R 0T)'S U']] ® P") 'S U"]\ = \[(R <^T)'S [(P' ® P") [f/' t/"]]]|, 
and \^'\ < \^\ imply that the inductive hypothesis holds on So, we have S" : 
[Pi P2] H U", and ^" : h [P" P2], and =2 : I- [[P' [(R ® T) t/']] Pi]. 

Both \[[P' 'S [(R ® r) U']] 'S P{[\ < \[{{P' 'S [(R <g,T)i? U']] ^ P") i? U"]\, and \^'\ < 
\^\ imply that the inductive hypothesis holds on ^. SO, we have S" : [Ui '8 U2] H 
[P' -s- [U' '9 Pi]l and ^' : h [P '5? Ui], and ^" : h [r v f/i]. 

Both and are the two proofs of BVQ of the statement we have to prove. The 
derivation of BVQ is: 

[f/i ^ f/7] 
[F '8 [W n Pi]] 



03 = 



[(o ® P') V [t/' 1? Pi]] 

[([P"'SP2]®P')'S[f/''SPl]] 

' [[(P" ® P') ^ P2] [f/' -sPi]] 
ni.Qol.EI] 

HP' 8 P") >? [(/' V [Pi V P2]]] 

[(P' ® P") ^ [{/' 1? (/"]] 



As a fourth case of Point |2] let p be uj, with [{R ® T)'S P] as its redex. This means 
P ^ [Uia, for some U and a, that, without loss of generality, thanks to iT% . we can 
assume such that a i fn{{R ® T)). So, by ([18), (R^T) ^ l(R ® T)}a, and ^ is: 

^ r[(p « D 1? t/]j„ 
u(R s> m, '9 [(/]„] 

Point[3]of Proposition [TT] applied on implies: 

[(p «. r) ^ (/] 

Thanks to \[{R ® T) f/]| < \[\(R ® r)J„ [f/JJl the inductive hypothesis holds on 
^" which impUes : [P, -5? P2] h f/, and ^1 : h [/? Pi], and ^2 ■ ^ [T Pa]- 
Both J2i , and are the two poofs of BVQ in the stetement we have to prove. The 
derivation is [(Pi ® P2)ia ^ lUja, we obtain from S" thanks to Fact l2.3l 

Proof of Point |3l It holds by induction on (|P|, \ proceeding by cases on the last rule p 
of ^. 

As afirst case let the redex of p be inside P. So, ^ is: 

[R 'S P'] 
[R'sP] 
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We can conclude by applying the inductive hypothesis on S^' , and p in the obvious 
way. 

As a second case, let p be qj, with P a [{P' < P") 's P'"]. Also, let R(,), and R\ such that 
R^lRo'^Ri]. The proof ^ can be: 



[([R,1!P'}<P")'S[Rf,'8P"'}} 

qi.[l4l,[Ill,[ll 



[I3.[Ii^= ^= 

[[i?0^i?l]'S[</"-/"'>^/""]] 



Point[T]applies to There are structures Pi , P2, such that S'o : <Pi < Pi) 1- [^0 'S' -P'"], 
and ^0 : H [[Pi 'S P'] 'S Pi] ~ [Pi 'S [P' 'S Pj]], and ^1 : h [P" 'S Pj]. 

We observe that |Pi| < |[Po Pi]|. So, the inductive hypothesis holds on ^q. It implies 
that, for every P^.P}, if Pi * [Pq 'S' P[], then (?i : P[ h [P,^ >? [P' Pi]]. In particular, 
it holds S[: P^ t- [o [P' Pj]] a; [P' Pi] by taking Pi ^ P[, and o P^. 
We can conclude as follows: 



_ ^.1 

(Ri < [P" 1? Pjj) 

{[P''SP,]<[P"'SP2]} 

[{P'<P")lS{Pl<P2)] 
<Soi 

[(/>'< /"')l?[i?o^/""]] 

[i?oV[</"</"'>V/""]] 



As a third case let p be qj with P ^ [<P' < P") [P' 'S' P"]]. So, ^ can be: 

[</" < [[Ro « ^1] 1? P"]) « 1? P"]] 

J!'^ [[<o . [Po «Pi]> {P'<P")] s [R'sR"}] 
M.\M= = 
[[Rq 1? Pi] ^ [<P' < /"'> "S [P' 1? P"]]] 

Point[T] applies to There are structures Pi, P2 such that there exist «So : {Pi < P2) f- 
[P' P"], and ^0 : h [P' -5? PJ, and 

: h [[[Po 1? Pi] 1? P"] P2] ~ [Pi [Po [P" 'S P2]]]. 

We observe that |P 1 1 < | [Po P 1 ] | . So, the inductive hypothesis holds on i?i . It implies 
that, for every pi,P[, if Pi ^ [P' -5? P[], then <fi : Pj" h [R^ 'g [Po 1? [P" 1? P2]]]. In 
particular, it holds : P^ h [o [Po [P" 'S P2]]] ~ [Po 'S [P" 'S P2]], by taking 
Pi «;P[,ando k R^. 



20 



We can conclude as follows: 



_ ^1 

M _ 

^■;\\ 

{[P''SF,]<[Ro'9[P"'9P2]]) 
" {[P''SPi]<[[Ro'8P"]'8P2]) 
[{P'<[Ro'9P"])'^{Pl'P2)] 

_ [{P' < [Ro -8 P"]) s [R' 1? R"]] 

El; 



qi 

Gumi 



[<[° 


•SP'] 


<[Ro' 


S P"]} 


9 [R' ' 


s R"]] 


[[<o 




1? {P' 


■'p")]-i 


? [R' >> 


?R"]] 



[Ro -a [(/" < P") 1? [i?' >? R"]W 



As ?L fourth case let p be s with f [(/" ® P") f'"]. Also, let Rq, and such that 
R^iRa^Rxl The proof ^ can be: 

[([ifl V /"] (S P") v [i?o 's /""]] 

' « (/" » /"')] « -ff /""]] 
OIl.Eol 

Point|2]applies to There are structures Pi , P2, such that there exist (#0 : [Pi "S" P2] l- 
[Po "S- P'"], and ^0 : f- [[R\ 'S P'] >«■ Pj], and ^1 : h [P" '8 P2]. 

We observe that |Pi| < |[Po 'S' Pi]|. So, the inductive hypothesis holds on ^o- It implies 
that, for every P,),P|, if Pi ~ [Pq -S" Pj], then Si: R\\- [P^ [P' >? Pi]]. In particular 
it holds S{ : P^ 1- [o [P' Pj]] ^ [P' Pi] by taking Pi ^ R\, and o * pi. We can 
conclude as follows: 

ED — 

{[P"'SP2\<SRi) 







II 

S [P' « Pil) 


[{P" 


» [P' ' 


9 PlJ) ^ P2] 


[(/"( 


S P") ' 


S [Pi « P2]] 


[(/"€ 


i P") ^ 


II 

? [Po 1? P'"]] 






>P")1?P"']] 



MM 

As a^/f/i cflie let p be uj, with P k \P'\a. The proof ^ can be: 

r[[Po-gPi]yp']j„ 
"l[r[Po'sPi]j„vrp'jj 

El = 

[[Po'sPi]^[P'JJ 
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because, thanks to ( fT9] l. we can always assume P' is such that a i fn([/?o 'S Ri])- 
Point [3] of Proposition 13. II appHed on impHes: 



We observe that < \^\. So the inductive hypothesis holds on It implies that, 
for every RIR\, if [^o 'S Ri] ~ [R^ R\], there are : R\ h [R^'^ P']. In particular 
it holds (f j' : Ri [Rq 'S P'] by taking Ri ~ R\, and Ro ^ R^^. We can conclude as 



follows: 



\Rlia 

[r/?oj« « r/"j.] 
01 ^= 

[^0 'S \P'ia] 

The topmost instance of (fTST l is legal thanks to a ^ fn([/?o ^i]). 
Proof of Point m The proof is by induction on |^|, proceeding by cases on the last rule p of 

As 2i first case let the last rule of ^ be qi with >? \{P' < P") \IJ' 'S U"]]] as its 
redex. So, ^ can be: 



[W.'??[</"</"'>'S 

Point [TJappUes to There exist S' : {Pi< Pi) h [t/' t/"], and ^" : h [P' Pi], 
and c2 : h [[[PJo'sP"] Pi]- The inductive hypothesis holds on ^. Thanks to 
|[[r^J. ^ P"] s P2]\ < mia [<P' <P"> s [V s U"]]]\ we get ^' : fUL h [P" Pj], 
and : h [P C/]. The proof of BVQ in the statement we have to prove is The 
derivation of BVQ in the statement we have to prove is: 



qi- 



£"\\ 

{[P'^Pt]<[P"^P2]) 

HP' <P"}'S{P,<P2)] 

<ff|| 

[{P' <P"}'8[U' U"]] 



As a second case let the last rule of ^ be qi with [[PJ^ [<P' < P") '9 P'"]] as its 
redex. So, ^ can be: 

o-EU-pi.nii = 



URL^l{P'<P")'?P"']] 
Point [U applies to There exist S' : {Pi -Pa) h P'", and ^" : h [P' -sPi], and 
^ : h [[PJ, [P" Pz]]. Thanks to llfPJ. [P" v Pz]]! < llfPJa s [<P' < P"> P"']]| 
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the inductive hypothesis holds on B which impHes S' : \U}a \- [P" P2], and ^' : h 
U]. The proof of BVQ in the statement we have to prove is The derivation is: 



[P" 1? P2] 



Oil - 



<o < [P" S P2]) 

{[P''8P,]<[P"'SP2]) 
[{P' ^Pn-SiPl^Pl)] 

4 

[(P' <P")'S P'"] 

As a third case let the last rule of be S with [\R\a '9 [(P' ® P") "S P"']\ as its redex. 
So, ^ can be: 

\{[P' smA'sP'l'sP'"] 

[ni.ooi.s.ni 

Point|2]appHes to There exist S -.[Pi's P2] H and : h [[[TJJa F] -s- f 1], 
and ^ : h [P" 'S P2]. Thanks to 1? [P' Pi]]| < [(P' ® P") ^ P"']]| the 

inductive hypothesis holds on 3^" which implies S" : [?7J„ h [P' '8 f 1], and £2' : h 
{R'8 U]. The proof of BVQ in the statement we have to prove is The derivation of 
BVQ in the statement we have to prove is: 

[P' -9 Pi] 

03: 



[ni,[iii.[ioi. 



[(o ® P') V P{\ 

[([/>" -g P2] « n s Pj] 

' HP' (s P") 1? [Pi V P2W 
4 

[(/" ® P") /""] 



As a. fourth case let the last rule of 3^ be ui with [f^Ji, ^ P] as its redex. This means 
P « fUja. So, ^ is: 



Point [3] of Proposition 13 . 1 1 applied on implies the existence of 3^" : \- [R'8 U], 
which is the proof of BVQ in the statement we have to prove. The derivation is [Uia ^ 



C Proof of Context Reduction (Proposition 13.41 page llOl) 



The proof is by induction on IS' { }|, proceeding by cases on the form of 5 { }. 

As a first case, let S{ } ^ {S'{ }<P}. So, the assumption is ,^ : b {S'{R]<P}. Point^ 
of PropositionOimplies ^' : h S'{R}, and ^" : h P. Thanks to \S'{R}\ < \{S'{R}<P)\ the 

inductive hypothesis holds on 3^'. There are U, and ^7 such that, for every V with fn{V) n 
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hn(R) = 0, both : [[V i? {/]Jg h S'{V}, and :\-[R'^ U]. The proof is the one we 
are looking for To get the derivation we are looking for, we fix V such that fn(y) nbn(/?) = 0. 
This allows to use ^ as follows: 

IIV -8 (/]Jg 

_ S'{V\ 

II 

As a j-econd cflie, let 5 { ) ~ } ® P). So, the assumption is ^ : h (_S'[R] ® P). Point|2] 
of Proposition[TT]implies ^' : h S'{R}, and ^" : h P. Thanks to < \{S'{R] ® P)\ the 

inductive hypothesis holds on 0^' . There are U, and b such that, for every V with fn(y) n 
hn{R) = 0, both & : \{V >i? U]\-^^ h 5'{y}, and 3^"' : h [i? t/]. The proof is the one we 
are looking for To get the derivation we are looking for, we fix V such that fn(y) nbn(/?) = 0. 
This allows to use 2) as follows: 

®ll 

_ S'{V} 
M 

(5'{V|®o) 

■0^" II 

As a f/i/rt/ cflie, let 5 { } ~ [-^ '{ )Ji with e fn(5 '{ }). Otherwise it would be meaningless 
assuming to have S{ } with such a form. So, the assumption is ^ : f- \S'{R}\b. Point [3] 
of Proposition [TT] implies ^' : h So, < ir5'{7?}Ji| implies the inductive 

hypothesis holds on 3^' . There are U, and b such that, for every V with fn(y) n bn(/?) = 0, 
both ^ : [[y t/]Jg h 5'{y}, and : h [7? t/]. The proof is the one we are looking 
for To get the derivation we are looking for, we fix V such that fn(y) n hTi{R) - 0. This 
allows to use as follows: 

\S'{V]\t 

As SL fourth case,lelS{ } ~ [{S'{ } < P'} '8 P]. The assumption is ^ : h [{S'{R} < P'} 'S P]. 
Shallow splitting implies the existence of P\,P2 such that !^ : (Pi < Po) I- P, and : h 
[S'{R}'sPi], and ,^2 : H [P' '9 P2]. The relation \[S ' [R] '8 P i]\ < \[{S'{R} < P'} '9 P]\, which 
holds also thanks to < implies the inductive hypothesis holds on There are U, 
and b such that, for every V with fn(y) n hn{R) = 0, both ^' : [[y "S" U]ig h [5'{y} Pi], 
and : h [/? f/] . The proof is the one we are looking for To get the derivation we 
are looking for, we fix V such that fn(y) n hn{R) = 0. This allows to use ^' as follows: 

f[V'?U]}g 
[S'{V]'sPi] 



<[5'{K)>sP,]-.o> 

{[S'{V]'8P,]<[P' 'SP.]} 

[<s'{y)</")'s</', 
[<5'(y}<P'>'S'P] 

Asa^/f/icflie,let5{ } * ® F) -P]- The assumption is ^ : h [(^'{T?} ® P') P]. 

Shallow splitting implies the existence of Pi,P2 such that : [Pi 'B P2] ^- and : h 
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[S'{R} '9 Pil and ^2 : l- [P' 'S Pil The relation \[S'{R} 1? < \[(S'{R} ® P') 'S which 
holds also thanks to |f i| < |f |, implies the inductive hypothesis holds on There are U, 

and b such that, for every V with fn(y) n hn{R) = 0, we have ^' : [[V 'S t/] J,- I- [S '{V} v Pj], 
and 3^"' : t- [7? 'S [/]. The proof is the one we are looking for To get the derivation we 
are looking for, we fix V such that fn(y) n hn{R) = 0. This allows to use ^' as follows: 



m- 



IIV s U]ig 
3' II 



m 

s 



(o«[5'|V|i?/',]) 

([P''SP2]S,[S'{V}'8P,]) 



m'{v]> 


S Pi] (8 /") ■ 


SP2] 


[[(5'{K)< 


8 P') V Pi] ' 




[(5 '(VI 8 


1 P') « [P, >S 





As a sixth case, let 5| } ~ )J„ 'S P] with a e bn(5'{7;)). Otherwise, it would be 

meaningless to assume 5{ ) as such. The assumption is ^ : I- [[^'{/^IJfl 'S P]. Shallow 
spHtting implies the existence of P' such that & : \P'ia 1- P, and : t- [S'{R] 'S P']. The 
relation \[S'{R] 'S P']\ < \[[S'{R]ia 'S P]\, which holds also because a e fn(5'{7?}), implies 
that the inductive hypothesis on is true. There are U, and b such that, for every V with 
fn(y) n hn{R) = 0, both : [[V -8 U]\f^ h [S'[V} ^ P'], and ^" wlR^ U]. The proof ^" 
is the one we are looking for To get the derivation we are looking for, we fix V such that 
fn(y) n hn(R) - 0. This allows to use S^' as follows: 

[[V u (7]Ji,„....i„,„ 
®'ll 

^ \[S\V]^P'}\a 

''\\S'{V)\,'S\P'\,} 

[\S'{V]\a^P} 

As a seventh case, \t\.S{ ] ~ {S'{ ) \P\a\ with a e hvi(\P\a). Also, without loss of gen- 
erality, can always choose a such thata i fn(5'{/?)). The assumption is ^ : h '8 \P\a\- 
Shallow spHtting impUes the existence of P' such that ^ : \P' \a h P, and ^' : 1- [S'{R] 'S P']. 
The relation \[S'{R} 'S P']\ < \[S'{R} 1? [P]ial which holds also because a E bn(rPJ„), implies 
that the inductive hypothesis on is true. There are U, and b such that, for every V with 
fn(y) n hn{R) = 0, both ^' : \[V 'S t/]Jg h [S'{V] '8 P'], and ^" : h [7? f/]. The proof ^" 
is the one we are looking for To get the derivation we are looking for, we fix V such that 
fn(y) n bn{R) - 0. This allows to use ^' as follows: 

IIV -8 f/]Jfc,....A,.« 

\{S'[V]^P'M 



\\S'[V]\„'9\P'\„} 

M- 



[S'{V}'8\P'\A 

[S'{V]^\P\a} 

We remark that (fTsT l applies thanks to a i fvi{S'{R}). 
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D Proof of Splitting (Theorem 



1331 page HOI) 



We obtain the proof of the three statements by composing Context Reduction (Proposi- 
tion 13.4b . and Shallow Splitting (Proposition I3.2l i in this order We develop the details of 
Points[T] and[3] The proof of Point|2]is analogous to the one of[T] 

Pointlll Context Reduction (Proposition l3.4b applies to So, there are U, and b such that, 
for every V, with fn(V)nhn({R < T)) = 0, there exist ^ : l[V 'S U]\g h S{V], and ^ : h 
[{R < T) ^ U]. Shallow Splitting (Proposition!!^ appHes to ^. So,V : {Ki <K2) h U, 
and ^1 : h [7? Ki], and ^2 : H [r Ko], for some Kx,K2. Both ^1, and ^2 are the 
two proofs we are looking for The derivation is: 

\[V {K, < Kim-, 
s\ 

\[y s f/]jg 

S[V\ 



Point|3l Context Reduction (Proposition 13.4b applies to So, there are U, and b such 
that, for every V with fn(y) n bn(r/?Jfl) = 0, there exist & : \{V t/]Jg h S{V], and 
^ : \- [\R\a U]. Shallow Splitting (Proposition |T2]i applies to ^. So, £ : lK\a \- U, 
and JS' : \- [R 'S K], for some K. So, is the proof we are looking for The derivation 

" fUVL S \K\„]\j; 

M- = 
S{V] 

The step ( fTSl l applies thanks to the assumption that fn(y)nbn([/?Ja) = 0, which implies 
a i fn{V). 



E Proof of Admissibility of the up fragment (Theorem 13^ 
page [TO]) 

As a. first case we show that ait is admissible for BVQ. So, we start by assuming: 

.^'\ 

S{a<&a) 
aiT 

Point |2] of Splitting (Theorem 13.5b applies to 3^', whose conclusion is S(a^a). There 
are Ki,K2, and b such that, for every V with fn(y) n bn((fl® a)) - 0, there exist ^ : 
\[V'^[Ki '9K2]]}g h S{V}, and : h [a'sKi], and ^2 : H \a'9K2]. Shallow splitting 
(Proposition 13. 2b on ^1, and ^2 impUes S'l : a \- Ki, and £"2 : a h K2. To build the 
following proof with the same conclusion as 3^, but without its bottommost instance of 
ait it is enough to observe that among all the possible instances of V there is o, because 
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fn(o) n bn((fl ® a)) = 0. So, we can prove: 



r°j6 

aij. - 



m 



l[a 'S a]\g 

<?i|| 

S{o] 



where is ^ with V instantiated as o. 

As a second case we show that qt is admissible for BVQ. So, we start by assuming: 

S{{R<U)s>{T'V)) 



Point [T] of Splitting (Theorem l3.5b applies to — beware, not — , whose conclusion 
is S{{R'?)T)<{U ®V)). There are K],K2, and ^ such that, for every V with fn(V") n 
hn{S{{R®T)<{U ®V))) = 0, there exist ^ : [[V (/Ti < /*:2)]Ji i- S{V'], and : h 
{(R <g>T)'8 Kil and ^2 : h [(t/ » V) /:2]- Shallow spUtting ( Proposition [321l on both ^1, 
and ^2 implies # : /Tr] I- Ki, and =2i : h [R'sKr], and =^2 : h [T Kj], and 

<r' : [/Tc 'S Ky] \- K2, and ^{ : \- [U 'S Ku], and : h [V Ky]. To build the following 
proof with the same conclusion as but without its bottommost instance of qt, it is enough 
to observe that one of the possible instances of V is {{R 181 T) < (t/ ® V)} because, thanks to 
( fT9] i, we can always assume fn{{{R «> T) < (f/ <» V))) n hn{{{R ^T)<{U'» V))) = 0: 

o 

^"11 

S2" II 

^'ill 

r<[r -2 Kt\ < [([U '8 Ku] ® V) « Kv]}}g 
•Sill 

r([(i? 0T)'8Kr'8 Kt] < [{U «V)'8Ku'8 Kv])h 





€>T)'8 Kr 


'8KT]<[{Ui 


8 V) 


'8 Ku 1 


? Kv])ls 


■ r[<(^ » 


T)'(Us> 


V)) ^ {[K„ s 




'[Ku- 


g /fi/]>]J,; 



r[<(i? ® r) - (f/ » V)) « [A-R 'sKt'sKu'S Kvmg 
[[{(R ® D < ((/ ® V)> 1? '9Kr'9 K.mg 
\m « D < ((/ ® V)} s [K, s K2]\\g 

S>'\\ 

S {{R T) < (U (S V)} 



where ^' is ^ with V instantiated as {{R ® T) < ([/ ® V)). 

As a third case we show that ut is admissible for BVQ. So, we start by assuming: 

SilRL'S'lTh) 

uT 

SKR^Di, 
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PointOof Splitting (Theorem l3.5l l applies to ^ — beware, not 3^' — , whose conclusion is 
S \{R ® T)\a. There is K, and b such that, for every W with fn(y) nbn(5 \{R ® T)\a) = 0, there 
exist & -.livs K]i^g \- S{V], and : \- [{R T) 'S K]. Shallow splitting (Proposition O 
on ^1 implies : [Kr '8 Kj] h K, and : ^- [R'9 Kr], and ^2 : H [r Kj]. To build 
the following proof with the same conclusion as but without its bottommost instance of 
ut it is enough to observe that one of the possible instances of V is 5 [{R ® T)}a such that 
fn(r(/? ® TH,) n bn(r(-R ® r)J„) = 0: 



[n],s^ 



r(° ® °)J„,s 

l{o«,[R'sKM„B 

KIT -g Kr] « [/; 1? K^])lj; 

' \m s K,!] « D ^ KT]i„ g 

m <&T)'SK„'S Kt]]Ij; 
<j|| 

\[{R^T)^K]lg 



F Proof that mtl is derivable in BVQ (Lemma l53l page [12]) 

We proceed by induction on the size \(\M Dd, of (\M Do, that occurs in the conclusion of mtj,, 
proceeding by cases on the form of M. 
The first base case is M = jc. 



[(\xl'S{r<o)] = l{x<7)'8{r<o)] 

The second base case is M s (M') M". 

(l(M') M" I = f[(\M' \,, l(\M" \),], -g {p < o)]\p 
_ \m'\)p'^\W'),\,^iP'7)^{r<-o)]\„ 

rioi.uj. - 

[l\(M')M" I. « {r<o)] = mM' I, 1? \I\M" \,,\, S {p <?)]]„ '8 {r<o}] 

The unique inductive case is with M = Ay.M' that, without loss of generality, can have 
y X. 

(\Ay.M' I = f(\M' Ijy 

mti 



m.M' l-Sir^ o)] = U(iM' D,J, -8 (r < o>] 
where mti applies by induction because |(|M' D^l < Idiy.M' D;.|. 



G Proof that subst is derivable in BVQ (Lemma 1531 page[l2| 



We proceed by induction on the size |[(|M[)o '9 (\N\)x]\ of [(\M\)o '8 <\N\)x], that occurs in the 
conclusion of subst, proceeding by cases on the form of M. 
Let M = X. We have three situations; 
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N = y. 



N = iN')N". 

= Ay.N' that, without loss of generahty, can be y x. 

mti '- 



Let M s Ay.M' that, without loss of generality, can always be such that y x. 

(\Ay.M'flA)o = \WfL]\lo\. 
subst 



where subst applies by induction because \[<\M' ^N' D.JI < |[(|/ly.M' \j„ 'S ^N' D.v]|. 
Let M = (M') M" with x e fv(M'). 

^(M'r/,))M" ^„ = r[^M'r/,)^p ^ \<\M"h\, « <p-«>]j,. 

subst 

where subst can be apphed by induction because |[(|M' 'S (^N D^ll < |[(|(M') M" Do "S" Dj.]|. 
Let M = {M')M" with x e fv(M"). 

subst 

_ im' \)„ s [\(\M" t),J„ 1? ^A' <P ^ o>]J„ 
03,ui = 

Qol.ui.IHl = 



where subst applies by induction as \[<\M" ^A? ^aH < M" \)o ^A? D.,]|. 
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